This document sets out the policy of OCS relating to the collection, holding, use and disclosure of personal information, as well as the way in which OCS responds to requests for access to information and for correction, and to complaints about its privacy practices. OCS is committed to complying with all of its legal obligations relating to personal information, including (a) the Privacy Act 1988 of Australia (in relation to its operations in Australia) and(b) the Privacy Act 2020 of New Zealand (in relation to its operations in New Zealand).
This policy relates to OCS Group Australia Pty Ltd, OCS Group NZ Ltd and each of their related bodies corporate (collectively the "OCS Group"). If you are in Australia, references in this policy to "OCS" are to OCS Group Australia Pty Ltd and its related bodies corporate. If you are in New Zealand, such references are to OCS Group NZ Ltd and its related bodies corporate.
3. What is personal information
This policy frequently refers to the term "personal information", which has specific legal definitions depending on where you are located.
In Australia, “personal information” is information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not. To put it more simply, if the information or opinion reasonably allows someone to be identified, this would be considered personal information. For example, an individual's name, address or e-mail address, together with records about OCS's dealings with that individual.
Personal information also includes "sensitive information" which includes more delicate categories of information about an individual, such as health information, racial and ethnic origin, and religious or philosophical affiliations or beliefs.
In New Zealand, “personal information” also means information about an identifiable individual, but does not include an express sub-category of "sensitive information". Nevertheless, the sensitive nature of any personal information will be relevant to the issue of notifiable privacy breaches – see below).
In either case, if an individual cannot be identified from the personal information held by OCS (for example, when it has been aggregated and anonymised) then this policy does not apply.
4. Collection of personal information
OCS only collects personal information if it is reasonably necessary for its business operations and other related purposes.
OCS collects personal information in a number of ways, including when it:
- Provides goods and services and related information to customers, and administers customer accounts;
- Engages with suppliers, contractors, professional advisors and other business associates;
- Engages with and assesses prospective employees; and
- Conducts trade or marketing promotions.
OCS, where reasonable and practicable to do so, only collects personal information from the individual after it has informed that individual that the information will be or is being collected. This does not apply where the individual has consented to collection of the information by OCS from someone else, or OCS is required or authorised by law to collect the information from someone else.
The kind of personal information collected and held by OCS includes:
- Applications for employment, and deliberations about applications, including work and criminal records checks where necessary;
- Contact details of suppliers, contractors, professional advisors and other business associates, and other information relevant to the business relationship;
- Where necessary to provide a service to individual clients of a business customer of OCS, details about those clients.
5. OCS' purposes for handling personal information
The purposes for OCS collecting, holding, using or disclosure of personal information include:
- Processing of applications for employment;
- Delivering OCS's services;
- Conducting relationships with OCS's suppliers, contractors, professional advisors and other business associates; and
- Running OCS's business, including any auditing of our services and business.
- Sending or showing you (a) promotional messages, marketing, advertising, and other information about OCS's services and (b) third-party promotional messages, marketing, advertising (including on-site display advertising), and other information that may be of interest to you (including information about our business partners), in each case with your consent.
OCS may disclose personal information to other related companies in the OCS Group overseas, including New Zealand and the United Kingdom who will only use the information for the same purpose for which the OCS disclosing company was authorised to use it and only for so long as is required for the purposes for which it was collected. OCS may also use overseas cloud storage platforms to store, access, process and modify personal information. It is not possible to identify all such foreign jurisdictions, but they may include the United States of America, Germany, the United Kingdom, and New Zealand.
6. Security of personal information
Personal information is held by OCS in a number of ways, including in electronic databases (including cloud servers), email contact lists, and in paper files held in drawers and cabinets, locked where appropriate. Paper files may also be archived in boxes and stored in an offsite secure facility.
OCS seeks to:
- Ensure that the personal information collected is up to date, accurate and complete;
- Ensure that the personal information used and disclosed is accurate, up to date, complete and relevant (having regard for the purpose of use or disclosure);
- Protect the personal information held from misuse, interference and loss; and
- Protect the personal information held from unauthorised access, modification or disclosure.
OCS follows generally accepted industry standards to protect the personal information collected by or submitted to us, both during transmission and once we receive it. OCS continuously implements and updates its administrative, technical, and physical security measures to help protect personal information against unauthorised access, loss, destruction, or alteration. However, despite all of our measures we cannot 100% guarantee the security of the transmission or storage of your personal information.
7. Accessing and correcting personal information
Personal information can be accessed by an individual by contacting the Privacy Officer as detailed below. Access will be granted subject to some exceptions permitted by law (under which your request for access to your personal information may be denied) and is provided in the manner requested by an individual subject to it being reasonable and practical for OCS to do so. OCS may charge a fee to cover reasonable costs of locating and providing the information.
If an individual believes the information held by OCS is inaccurate, out of date, or incomplete, the individual can request that the information be corrected by writing to the Privacy Officer. OCS will take reasonable steps to correct the information to ensure that, having regard for the purpose for which the information is held, that the information is accurate, up to date, complete, relevant and not misleading.
If corrected information was previously disclosed to a third party or overseas related entity, OCS will take reasonable steps to notify the other party of the correction.
OCS may in some circumstances refuse to correct personal information and if this is the case OCS will provide written notice to the individual that details:
- The reason for the refusal (except to the extent it would be unreasonable to do so); and
- How the individual may make a complaint about the refusal.
In circumstances where OCS refuses to correct personal information, an individual may make a request in writing to the Privacy Officer for OCS to associate with the information a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading. OCS will take reasonable steps to ensure it associates the statement in such a way that is apparent to users of the information.
The OCS Privacy Officer deals with any complaints and will respond to the individual within a reasonable timeframe. In Australia, once we receive an individual's complaint we will usually respond to your complaint within 20 working days. OCS takes all complaints seriously and any further action after the initial response will vary depending on the nature of the complaint. Please note that we may keep a record of your communications to help us resolve any issues that you raise.
9. Contact Information
OCS Privacy Officer
P O Box 111
Belmont, WA 6984
P: +61 1300 723 777